Ping from OpenVZ VM is not available

This OpenVZ box was working correctly a few weeks ago, and now it cannot ping the outside world.

I am not a networking expert, and I thought the initial working configuration would last longer.

Another interesting piece of information is that the web services on this virtual machine are reachable from outside.

Ping the network interface:

    vz:/# ping 88.191.118.xxx
    PING 88.191.118.xxx (88.191.118.xxx) 56(84) bytes of data.
    64 bytes from 88.191.118.xxx: icmp_req=1 ttl=64 time=0.048 ms
    64 bytes from 88.191.118.xxx: icmp_req=2 ttl=64 time=0.043 ms
    --- 88.191.118.xxx ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.043/0.045/0.048/0.007 ms

Ping google:

    vz:/# ping 74.125.230.83
    PING 74.125.230.83 (74.125.230.83) 56(84) bytes of data.
    --- 74.125.230.83 ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 3023ms

ifconfig:

    vz:/# ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:59 errors:0 dropped:0 overruns:0 frame:0
              TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5507 (5.3 KiB)  TX bytes:5507 (5.3 KiB)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.1  PtP:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:89 errors:0 dropped:0 overruns:0 frame:0
              TX packets:584 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:20938 (20.4 KiB)  TX bytes:395767 (386.4 KiB)

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:192.168.23.101  PtP:192.168.23.101  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Routes:

    vz:/# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 venet0
    0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 venet0

iptables on the host:

    iptables -L
    Chain INPUT (policy ACCEPT)
    target        prot opt source               destination
    fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh

    Chain FORWARD (policy ACCEPT)
    target        prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target        prot opt source               destination

    Chain fail2ban-ssh (1 references)
    target        prot opt source               destination
    RETURN        all  --  anywhere             anywhere

Solved: the box was rebooted 2 weeks ago, and the iptables script was not started.

Current firewall.sh script:

    sd-20628:~# more firewall.sh
    #!/bin/bash

    IPTABLES='/sbin/iptables';

    VZ101_WEB="192.168.23.101";
    LAN="192.168.23.0/24";
    WAN_IFACE="eth0";
    WAN_IP="88.191.xxx.xxx";

    # Flushing tables
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -t nat -F

    # Define default policy
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT

    $IPTABLES -A INPUT -j ACCEPT -d $LAN;
    $IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 22
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 80
    $IPTABLES -A INPUT -j ACCEPT -p tcp --dport 9102
    $IPTABLES -A INPUT -j ACCEPT -p icmp

    # SSH in VZ access
    $IPTABLES -t nat -A PREROUTING -p tcp --dport 22101 -d $WAN_IP -j DNAT --to-destination $VZ101_WEB:22
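
Added example, not part of the original post: a check, fed with `iptables-save` output, that the rules firewall.sh installs are really loaded, so a reboot that skips the script is noticed right away. The function names, both sample rule dumps and the WAN address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reads `iptables-save` text on stdin and lists which rules from
# the post's firewall.sh are absent. Returns 0 if all are present, 1 otherwise.
check_firewall_loaded() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" / "*filter" open a table
        table == "filter" && /^:INPUT DROP / { drop = 1 }
        table == "filter" && /^-A INPUT / && /--dport 22 / && /-j ACCEPT/ { ssh = 1 }
        table == "nat" && /^-A PREROUTING / && /--dport 22101 / &&
            /-j DNAT --to-destination 192\.168\.23\.101:22$/ { dnat = 1 }
        END {
            if (!drop) { print "missing: INPUT policy DROP"; bad = 1 }
            if (!ssh)  { print "missing: INPUT accept for tcp/22"; bad = 1 }
            if (!dnat) { print "missing: DNAT 22101 -> 192.168.23.101:22"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: rules after firewall.sh has run (placeholder WAN IP).
sample_loaded() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 22101 -j DNAT --to-destination 192.168.23.101:22
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the state the post's `iptables -L` shows after the reboot.
sample_after_reboot() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}
sample_after_reboot | check_firewall_loaded || echo "firewall.sh rules are not loaded"
```

On the host itself the input would come from `iptables-save | check_firewall_loaded`, for example from a boot-time or monitoring job.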